29 matches found
Jenkins Plugin Keycloak Authentication Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-19617 · Jenkins · Jenkins Keycloak Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier. Description: A cross-site request forgery (CSRF) issue allows attackers to trick users into logging in to the attacker's account. This can be achieved by exploiting the login...
PT-2023-19616 · Jenkins · Jenkins Keycloak Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier. Description: The issue arises because the plugin does not invalidate the previous session on login, which could lead to security concerns. Recommendations: For versions 2.3.0 a...
CVE-2023-24457
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24457
CVE-2023-24457 describes a CSRF vulnerability in the Jenkins Keycloak Authentication Plugin (versions
CVE-2023-24456
CVE-2023-24456 affects Jenkins Keycloak Authentication Plugin 2.3.0 and earlier. The issue: login does not invalidate the previous session, enabling session fixation. Impact noted as high/critical (CVSS 3.1 base 9.8). Affected versions: 2.3.0 and earlier. Remediation guidance in connected docs: u...
CVE-2023-24457
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422) - CSRF...